gaazkam – Page 2 – WindowsTechs.com

How does validating the PGP signature of a downloaded executable against the publisher’s public key show that the binary has not been tampered with?

Posted on July 28, 2021 by gaazkam

Websites that host downloadable executables often provide measures to confirm the integrity of the data that is available to download. Such measures include:

Hosting the website under HTTPS;
Providing the SHA-256 sum of the downloaded bin… Continue reading How does validating the PGP signature of a downloaded executable against the publisher’s public key show that the binary has not been tampered with?→

How strict should I be in rejecting unexpected HTTP request parameters redux?

Posted on June 10, 2021 by gaazkam

I read this: How strict should I be in rejecting unexpected query parameters?
Answer: No, do not error out on unexpected query string parameters.
But I just got a requirement from our security guy that I must do so. Not only for unexpected… Continue reading How strict should I be in rejecting unexpected HTTP request parameters redux?→

How strict should I be in rejecting unexpected HTTP request parameters redux?

Posted on June 10, 2021 by gaazkam

Why is it not recommended to permanently use the root account for all tasks?

Posted on March 1, 2021 by gaazkam

Yes, I did read this answer: https://apple.stackexchange.com/questions/192365/is-it-ok-to-use-the-root-user-as-a-normal-user/192422#192422
But I still fail to understand the reasoning behind this advice, as long as we are talking about a s… Continue reading Why is it not recommended to permanently use the root account for all tasks?→

Do corporate systems need to be updated immediately after updates are available? [duplicate]

Posted on April 26, 2020 by gaazkam

I lived under impression that timely updates were very important. Even a home user wouldn’t like their computer to demand ransom for their data. However, the less home and the more corporate our setting is, security only becomes more, not … Continue reading Do corporate systems need to be updated immediately after updates are available? [duplicate]→

What is the risk of compromise of an old, Internet-capable phone not used for browsing? (not smartphone)

Posted on February 7, 2020 by gaazkam

I’m talking about a class of old mobile phones that are not smartphones but are still (theoretically) Internet-capable, at least via 3G. Examples of such phones include Series 40 Nokia phones or the
Samsung phone featured in Spectre (OK th… Continue reading What is the risk of compromise of an old, Internet-capable phone not used for browsing? (not smartphone)→

Why is a fully-patched OS less important than AV?

Posted on January 11, 2020 by gaazkam

How to explain to traditional people why they should upgrade their old Windows XP device? <- The interesting point made in the highest upvoted answer to this Q is that a fully patched OS is largely insignificant for the se… Continue reading Why is a fully-patched OS less important than AV?→

How to explain to traditional people why they should upgrade their old Windows XP device?

Posted on November 16, 2019 by gaazkam

This is an issue I’m recurringly facing: older people from my family (or people who my family members know) can be surprisingly reluctant to apply most basic security measures when they’re using their PCs. The particular issu… Continue reading How to explain to traditional people why they should upgrade their old Windows XP device?→

How secure is connecting to the Internet via Windows XP (or even older) nowadays only for e-mail?

Posted on November 16, 2019 by gaazkam

While trying (and failing) to convice a certain older person who wanted me to “fix” their ~20 years old PC that they should not be connecting to the Internet with whatever version of Windows they have installed (they couldn’t… Continue reading How secure is connecting to the Internet via Windows XP (or even older) nowadays only for e-mail?→

How strong is a password consisting of words arbitrarily chosen form the dictionary?

Posted on September 25, 2019 by gaazkam

Diceware wants us to actually randomly pick n words from a given set of m=65 words.

Assume a user does not actually use a dice. Instead they take a physical dictionary of m words and “randomly” picks n words.

Can it be some… Continue reading How strong is a password consisting of words arbitrarily chosen form the dictionary?→